You’ve all heard the stats – small businesses are the #1 target for cybercriminals because they’re easy targets, with a recent article in Security Magazine reporting that nearly two-thirds (63%) of small businesses have experienced a cyber-attack and 58% an actual breach. But what many still don’t understand (or simply don’t appreciate) is how much a cyber-attack can cost you.
The following are some of the ways that cyber liability may cover you:
- Legal fees to handle any number of lawsuits, including class action litigation against your organization, as well as fines and penalties incurred by a regulatory investigation by government and law enforcement agencies.
- Negotiation and payment of a ransomware demand.
- Data restoration and emergency IT fees to recover your network and get it operational again.
- Customer notifications and credit and identity theft monitoring for clients and employees.
- Public relations expertise and call center costs for taking inbound calls and questions.
- Loss of revenue related to being unable to transact; if your operations and data are frozen, you might not be able to process sales and deliver goods and services for days or weeks.
- Errors and omissions to cover liability related to a failure to perform and deliver services to customers, as well as allegations of negligence in protecting your customers’ data.
If you want to make sure you don’t lose everything you worked so hard for to a cyber scumbag, cyber liability is a very important part of protecting your assets.
But here’s what you need to know: To get coverage, businesses are required by insurance companies to implement much more robust and comprehensive cyber protections. Obviously, the insurers want the companies they are underwriting to reduce the chances and the overall financial impact of a devastating cyber-attack, so they don’t have to pay out – and this is where you need to pay attention.
MANY business owners are signing (verifying) that they DO have such policies and protections in place, such as 2FA, a strength of password requirement, employee awareness training and data recovery and backups, but aren’t actually implementing them, because they assume their IT company or person knows this and is doing what is outlined in the policy. Not so in many cases.
Unless cyber security is your area of expertise, it’s very easy for you to misrepresent and make false statements in the application for insurance, which can lead to your being denied coverage in the event of an attack and having your policy rescinded.
If you have cyber liability or similar insurance policies in place, I urge you to revisit the application you completed with your IT person or company to make absolutely certain they are doing everything you represented and affirmed you are doing. Your insurance agent or broker should be willing to assist you with this process since your IT company or person cannot be expected to be insurance professionals who know how to interpret the legal requirements outlined.
What’s critical here is that you work with your IT company or person to ensure 100% compliance with the security standards, protocols, and protections you agreed to and verified having in place when you applied for coverage. IF A BREACH HAPPENS, your insurance provider will NOT just cut you a check. They will conduct an investigation to determine what happened and what caused the breach. They will want to see tangible evidence and documentation that proves the preventative measures you had in place to ward off cyberthreats. If it’s discovered that you failed to put in place the adequate preventative measures that you affirmed you had in place and would continue to maintain on your insurance application, your insurance company has every reason to deny your claim and coverage.